Maximum Danger
IP address 91.196.152.221 is a high-risk address (threat level 8/10) operating from French network infrastructure. It is primarily linked to active hacking activity, including malware and exploit propagation, detected by multiple automated honeypot sensors over an eleven-month observation window.
The IP has accumulated 176 reports from 20 distinct automated honeypot sensors between August 2025 and June 2026, with an activity frequency rating of 7/10 indicating sustained malicious behavior. The address routes through autonomous system AS213412, operated by ONYPHE SAS, a French network entity. Detection confidence stands at 86 percent, with recent reports dominated by Hacking (19 reports) and Exploited Host (1 report), suggesting the address functions both as an active attack platform and potentially as a compromised host being leveraged without the operator's knowledge.
The Hacking classification reflects systematic intrusion attempts including exploitation of vulnerabilities, unauthorized access vectors, and attack connection activity observed in the honeypot data. Combined with reported malware and exploit activity, this indicates the IP is actively participating in automated attack campaigns that could target exposed services worldwide. An Exploited Host designation raises additional concerns that the system itself may be compromised and operating as a node in a broader attack infrastructure, potentially scanning or attacking other targets while the legitimate operator remains unaware.
Network administrators should block this address at the firewall level and implement rate-limiting through defensive tools such as fail2ban to mitigate repeated connection attempts. Exposed services should enforce strong authentication, apply security patches promptly, and maintain active intrusion detection monitoring. Organizations receiving connections from this address should treat them as hostile and investigate any successful authentication attempts immediately.